PatchSiren

RobinHerbots CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM RobinHerbots CVE published 2026-07-18

CVE-2026-16150

A vulnerability was found in RobinHerbots Inputmask up to 5.0.9. The issue affects the function extendDefaults/extendDefinitions/extendAliases in the library lib/dependencyLibs/extend.js of the component Internal Deep Merge Helper. This allows for improperly controlled modification of object prototype attributes. The attack may be performed remotely. The project was informed of the problem early through a [truncated]